Author: jleroux
Date: Thu May 9 09:21:20 2019 New Revision: 1858981 URL: http://svn.apache.org/viewvc?rev=1858981&view=rev Log: "Applied fix from trunk for revision: 1858980 " ------------------------------------------------------------------------ r1858980 | jleroux | 2019-05-09 11:17:08 +0200 (jeu. 09 mai 2019) | 4 lignes Fixed: OWASP sanitizer breaks proper rendering of HTML code (OFBIZ-10187) By default we now use a permissive sanitizer policy ------------------------------------------------------------------------ Modified: ofbiz/ofbiz-framework/branches/release18.12/ (props changed) ofbiz/ofbiz-framework/branches/release18.12/framework/base/config/owasp.properties Propchange: ofbiz/ofbiz-framework/branches/release18.12/ ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Thu May 9 09:21:20 2019 @@ -10,4 +10,4 @@ /ofbiz/branches/json-integration-refactoring:1634077-1635900 /ofbiz/branches/multitenant20100310:921280-927264 /ofbiz/branches/release13.07:1547657 -/ofbiz/ofbiz-framework/trunk:1849931,1850015,1850023,1850530,1850647,1850685,1850694,1850711,1850914,1850918,1850921,1850948,1850953,1851006,1851013,1851068,1851074,1851130,1851158,1851200,1851224,1851247,1851254,1851315,1851319,1851350,1851353,1851433,1851500,1851805,1851885,1851998,1852503,1852587,1852818,1852882,1853070,1853109,1853691,1853745,1853750,1854306,1854457,1854683,1855078,1855083,1855287,1855371,1855403,1855488,1855492,1855497,1855501,1855898,1856212,1856405,1856455,1856459-1856460,1856484,1856598,1856610,1856613,1856617,1856667,1857088,1857099,1857152,1857154,1857173,1857180,1857213,1857392,1857617,1857692,1857813,1858035,1858092,1858180,1858250,1858256,1858275,1858319,1858347,1858432,1858444,1858483,1858523,1858539,1858965 +/ofbiz/ofbiz-framework/trunk:1849931,1850015,1850023,1850530,1850647,1850685,1850694,1850711,1850914,1850918,1850921,1850948,1850953,1851006,1851013,1851068,1851074,1851130,1851158,1851200,1851224,1851247,1851254,1851315,1851319,1851350,1851353,1851433,1851500,1851805,1851885,1851998,1852503,1852587,1852818,1852882,1853070,1853109,1853691,1853745,1853750,1854306,1854457,1854683,1855078,1855083,1855287,1855371,1855403,1855488,1855492,1855497,1855501,1855898,1856212,1856405,1856455,1856459-1856460,1856484,1856598,1856610,1856613,1856617,1856667,1857088,1857099,1857152,1857154,1857173,1857180,1857213,1857392,1857617,1857692,1857813,1858035,1858092,1858180,1858250,1858256,1858275,1858319,1858347,1858432,1858444,1858483,1858523,1858539,1858965,1858980 Modified: ofbiz/ofbiz-framework/branches/release18.12/framework/base/config/owasp.properties URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release18.12/framework/base/config/owasp.properties?rev=1858981&r1=1858980&r2=1858981&view=diff ============================================================================== --- ofbiz/ofbiz-framework/branches/release18.12/framework/base/config/owasp.properties (original) +++ ofbiz/ofbiz-framework/branches/release18.12/framework/base/config/owasp.properties Thu May 9 09:21:20 2019 @@ -21,10 +21,11 @@ # OFBiz OWASP properties File https://www.owasp.org/index.php/Main_Page #### -# Should we use a permissive sanitizer policy? False By default! -# This has a slightly impact on the code rendered, see last comments in OFBIZ-6669. +# By default we use a permissive sanitizer policy +# This has a slight impact on the code rendered, see last comments in OFBIZ-6669. # Given as an example based on rendering cmssite, as it was before using the sanitizer. -# You might even want to adapt the PERMISSIVE_POLICY to your needs... Be sure to check https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet before... +# You might even want to adapt the PERMISSIVE_POLICY to your needs. +# Be sure to check https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet before... # Use sanitizer.permissive.policy=CUSTOM to use your custom PolicyFactory sanitizer.enable=true |
Free forum by Nabble | Edit this page |